CVE-2024-38266

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)

Published: Sep 24, 2024 / Updated: 57d ago

010
CVSS 4.9EPSS 0.04%Medium
CVE info copied to clipboard

An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-38266. See article

Sep 24, 2024 at 1:43 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 24, 2024 at 1:43 AM
CVE Assignment

NVD published the first details for CVE-2024-38266

Sep 24, 2024 at 2:15 AM
CVSS

A CVSS base score of 4.9 has been assigned.

Sep 24, 2024 at 2:20 AM / nvd
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Sep 24, 2024 at 2:31 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 14.1%)

Sep 24, 2024 at 9:33 AM
Static CVE Timeline Graph

Affected Systems

Zyxel/vmg8825-t50k_firmware
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

News

CVE Alert: CVE-2024-38266 - https://www. redpacketsecurity.com/cve_aler t_cve-2024-38266/ # OSINT # ThreatIntel # CyberSecurity # cve_2024_38266
[CERT-daily] Tageszusammenfassung - 24.09.2024
https://www.bleepingcomputer.com/news/security/new-mallox-ransomware-linux-variant-based-on-leaked-kryptina-code/ https://www.bleepingcomputer.com/news/security/new-octo-android-malware-version-impersonates-nordvpn-google-chrome/
Multiple vulnerabilities in Zyxel products
The vulnerability allows a remote user to perform a denial of service (DoS) attack. The vulnerability allows a remote user to perform a denial of service (DoS) attack.
Zyxel security advisory for post-authentication memory corruption vulnerabilities in some...
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
CVE-2024-38266 | Zyxel VMG8825-T50K up to 5.50(ABOM.8)C0 Parameter Type Parser memory corruption
A vulnerability, which was classified as critical , was found in Zyxel VMG8825-T50K up to 5.50(ABOM.8)C0 . This affects an unknown part of the component Parameter Type Parser . The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-38266 . It is possible to initiate the attack remotely. There is no exploit available.
See 5 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:High
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI